Privacy Policy - JFit Connect

Effective Date: March 15, 2026

Last Updated: May 18, 2026

Welcome to JFit Connect (“JFit,” “we,” “us,” or “our”). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information across our website and mobile application (the “Platform”).

1. DATA WE COLLECT

We collect several types of information to provide a seamless connection between clients and fitness professionals:

Identity & Contact Data: Name, email address, phone number, and physical address (required for home-service bookings).
Health & Fitness Data (Sensitive): Fitness goals, weight, height, known injuries, and medical history. By providing this, you give explicit consent for JFit and your selected trainer to use this info to personalize your sessions.
Location Data: We request permission to access your device’s precise GPS location. This permission is requested at the time of your first booking or trainer search. You may grant or deny this permission at any time through your device settings. We collect your location solely to help you find nearby trainers, enable “on-site” session verification, and improve our trainer recommendation engine.
Financial Data: Payment card details are processed by our third-party payment gateways (e.g., Stripe/Apple Pay). JFit does not store your full credit card information on our servers.
Usage & Technical Data: IP address, device type, and app usage patterns collected via cookies and SDKs.

2. HOW WE USE YOUR DATA

We process your data based on Contractual Necessity (to manage bookings) and Explicit Consent (for health data):

Service Delivery: To facilitate bookings, payments, and communication between you and the fitness professional.
AI Recommendations: We use automated processing to suggest trainers based on your location, goals, and previous bookings.
Safety & Security: To verify the identity of trainers and clients for home-visit safety.
Marketing: With your consent, we send updates about new trainers or local fitness events.
Location-Based Services: Your location data is used only while the app is in use (foreground access), unless you have explicitly enabled background location for session check-in features. We do not track your location continuously or share it with third parties beyond your selected trainer during an active booking.
Device identifiers. Operating system, device model, app version, language and region, time zone, and a randomly generated device identifier used to deliver push notifications.
Advertising identifier (IDFA, iOS only). With your explicit permission, granted through Apple’s App Tracking Transparency prompt, we collect Apple’s Identifier for Advertisers (IDFA) for marketing attribution. If you decline the App Tracking Transparency prompt or later turn off tracking in iOS Settings, we do not collect IDFA and you continue to use the app normally.
Push notification tokens. When you grant notification permission, your device’s push token is stored on our servers so we can send you booking reminders, message alerts, and account notifications. You can disable notifications at any time from your device settings.
Photos and camera content. If you grant camera or photo library permission, the specific photo you select is uploaded to our servers and used only for the purpose you chose (your profile photo, or, for Experts during onboarding, an image of a verification document or professional certification). We do not access other photos in your library, and we do not run any background scan of your library.
Location. See the dedicated “Location” section below.

3. DATA SHARING & DISCLOSURE

We do not sell your personal data. We share your information only with:

Service Providers (Trainers): When you book a session, we share your name, location, and relevant fitness/health notes with the professional you selected.
Payment Processors: To facilitate secure transactions.
Regulatory Authorities: When required by UAE law or to protect the safety of our users.

4. DATA STORAGE & RETENTION (UAE REGION)

Localization: Your data is primarily stored on secure servers located within the United Arab Emirates.
Retention Period: We retain your personal data for one (1) year after your account becomes inactive. After this period, data is deleted or anonymized, unless financial records must be kept longer (5 years) for tax/legal compliance.

5. MINORS & PARENTAL CONSENT

JFIT Connect is intended for users aged 13 and over. Users between 13 and 18 (or the age of majority in their jurisdiction, whichever is higher) must use the app under the supervision of a parent or legal guardian. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us personal data, please contact support@jfitconnect.com and we will delete the data.

6. YOUR RIGHTS

Under the UAE PDPL, you have the right to:

Access: Request a copy of the data we hold about you.
Correction: Amend any inaccurate personal or health information.
Account deletion: You can delete your JFIT Connect account at any time directly from within the app — tap “Delete my account” on the onboarding screens, or, after onboarding, open the Account tab → Privacy & Security → “Delete account permanently.” Once you confirm deletion, your account enters a 30-day grace period during which it can be reactivated by contacting support; after the 30 days, your personal data is permanently deleted or anonymized, except where retention is required by law. Sessions are signed out on all devices and stored push notification tokens are removed.
Withdrawal of Consent: Opt-out of location tracking or marketing at any time.

7. SECURITY

We implement industry-standard encryption (SSL/TLS) and multi-factor authentication to protect your data. However, no method of transmission over the internet is 100% secure. By using the Platform, you acknowledge this inherent risk.

8. THIRD PARTY SERVICES

We rely on the following third-party services to operate the app. Each is bound by a written data-processing agreement with us, and you can review their privacy practices on their own websites:

Stripe, Inc. (United States) — payment processing for client purchases (sessions, programs, and one-off payments). Payment card details are collected by Stripe directly and are never stored on our servers. https://stripe.com/privacy
Apple Inc. (United States) — Sign in with Apple authentication; App Store In-App Purchase for Expert subscription plans; push notification delivery (APNs). https://www.apple.com/legal/privacy/en-ww/
Google LLC (United States) — Sign in with Google authentication. https://policies.google.com/privacy
AppsFlyer Ltd. (Israel) — install attribution, in-app event analytics, deep-link routing (OneLink), and uninstall measurement. AppsFlyer processes a hashed device identifier, your IDFA (only if you grant App Tracking Transparency permission), install and click timestamps, and the in-app events listed at the end of this policy. AppsFlyer does not receive your name, email, phone number, or any health information. https://www.appsflyer.com/legal/services-privacy-policy/

9. MARKETING

App Tracking Transparency (iOS). On iOS, we ask for your permission before any third-party (currently AppsFlyer) is allowed to associate your activity in JFIT Connect with your Apple Identifier for Advertisers. You can change this choice at any time in iPhone Settings → Privacy & Security → Tracking, by toggling JFIT Connect on or off. Denying this permission does not affect your ability to use the app or any paid features.

9. CONTACT US

For any privacy-related inquiries or to exercise your rights, please contact our Data Protection Officer at:

Email: support@jfitconnect.com

Address: Dubai, UAE